About this list Date view Thread view Subject view Author view Attachment view

From: Sam Vilain (sam_at_vilain.net)
Date: Fri 21 Feb 2003 - 03:48:08 GMT


On Fri, 21 Feb 2003 05:26, Jonathan Sambrook wrote:
> continue;
> +#if defined CONFIG_CTX_SYSCTLS
> + // Cloak /proc/sys/kernel/ctx outside of root ctx unless
> explicitly visible + if( de->namelen == 3 && !strcmp("ctx",
> de->name) &&
> + current->s_context != 0 && !sysctl_ctx_unsafe_sysctrls )
> + continue;
> +#endif
> if (!memcmp(dentry->d_name.name, de->name,
> de->namelen)) {

A hack I see, hmm? :-)

Perhaps it would be better to add a capabilities mask to the proc_dir_entry
structure in include/linux/proc_fs.h; then you can turn this test into a
bitwise test. Furthermore, you can then go around easily masking /proc
entries you don't want people to see (like /proc/scsi/*). Best of all, it
wouldn't appear to be vserver-specific, just enhancing the capabilities
system.

However, I think the patch you suggest for the /proc/fs/array.c is probably
a good idea. I will use your work as a fine example as what I need to do
for the userland implementation of my scheduling controls, and put them in
the same place.

Are you truly interested in deceiving the user ? Or just want to make sure
they can't get at things in /proc they shouldn't be able to see?

-- 
Sam Vilain, sam_at_vilain.net

Software suppliers are trying to make their software packages more user-friendly [....] Their best approach, so far, has been to take all the old brochures, and stamp the words, 'user-friendly' on the cover. BILL GATES


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 21 Feb 2003 - 04:12:28 GMT by hypermail 2.1.3